Page MenuHomeFreeBSD
Differential D22764

VMX: Handle external interrupts with interrupts disabled.
AcceptedPublic
Actions

Authored by markj on Dec 11 2019, 5:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Apr 27, 5:11 AM
Unknown Object (File)
Thu, Apr 11, 4:28 AM
Unknown Object (File)
Dec 12 2023, 9:49 PM
Unknown Object (File)
Nov 23 2023, 3:35 PM
Unknown Object (File)
Nov 22 2023, 11:51 PM
Unknown Object (File)
Nov 13 2023, 9:23 PM
Unknown Object (File)
Nov 13 2023, 12:18 PM
Unknown Object (File)
Nov 6 2023, 10:02 PM
View All 19 Files
Subscribers
bcran
pmooney_pfmooney.com
rgrimes

Details

Reviewers
jhb
kib
Group Reviewers
bhyve
Summary

Currently, an external interrupt-triggered vmexit causes host interrupts
to be enabled for a brief window before the ISR is called, during which
the vcpu thread could switch off-CPU and even migrate to a different
physical CPU.

Fix this by calling vmx_exit_process() with interrupts disabled and
enabling them only after the ISR returns.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 28080
Build 26225: arc lint + arc unit

Event Timeline

markj created this revision.Dec 11 2019, 5:10 PM
Herald added a reviewer: bhyve. · View Herald TranscriptDec 11 2019, 5:10 PM
Herald added subscribers: bcran, rgrimes. · View Herald Transcript
Harbormaster completed remote builds in B28080: Diff 65497.Dec 11 2019, 5:10 PM
markj added reviewers: jhb, kib.Dec 11 2019, 5:11 PM
kib accepted this revision.Dec 11 2019, 10:03 PM
This revision is now accepted and ready to land.Dec 11 2019, 10:03 PM
markj added a comment.Dec 11 2019, 10:38 PM

It was noted that the layer which invokes vmrun runs with preemption disabled, so it should not be possible for the vcpu thread to switch off-CPU. I'm not sure if there are any other problems that can arise from enabling host interrupts before calling the ISR.

kib added a comment.Dec 11 2019, 11:19 PM
In D22764#498381, @markj wrote:

It was noted that the layer which invokes vmrun runs with preemption disabled, so it should not be possible for the vcpu thread to switch off-CPU. I'm not sure if there are any other problems that can arise from enabling host interrupts before calling the ISR.

It also reorders interrupts. If higher-priority interrupt comes in the window, it will be served first. I do not think that lower-priority interrupt can be handled before us because EOI is only sent by the handler.

I believe we would need to worry less about this code if we make the vm exit and handler call atomic.

pmooney_pfmooney.com added a subscriber: pmooney_pfmooney.com.Dec 19 2019, 4:48 PM
pmooney_pfmooney.com added inline comments.
sys/amd64/vmm/intel/vmx.c
2986–2990

Rather than sprinkling the enable_intr() calls into vmx_exit_process(), would it perhaps be worth adding an extra handler function for the NMI and EXT_INTR cases? Leaving the enable_intr() call in vmx_run(), so the clear boundaries are maintained, that handler could be called prior to interrupt re-enabling. It would place a clear separation between "normal" exit processing (requiring no special interrupt-disabled state), and the special processing for NMI/extint.

Revision Contents
Changeset List

PathSize
sys/
amd64/
vmm/
intel/
149 lines
3 lines

Diff 65497

View Options

sys/amd64/vmm/intel/vmx.c

Loading...
View Options

sys/amd64/vmm/intel/vmx_support.S

Loading...